Legal Island’s senior management recognises the importance of developing and implementing an Information Security Management System (ISMS) to protect business information assets within Legal Island from all threats, whether internal or external, deliberate or accidental, and also to demonstrate the commitment we have towards our customers’ information security.
Legal Island’s ISMS programme is founded on the international standard BS ISO/IEC 27001:2013. The Legal Island ISMS control documents have been produced to define requirements for a management systems approach to information security management, based on industry best practices.
The framework for setting Information Security objectives has been established and documented. It is the objective of Legal Island to ensure that information is only accessible to authorised persons from within or outside the company and to minimise damage by preventing and reducing the impact of security incidents. Confidentiality, Integrity and Availability of information are maintained throughout business functions and processes.
Legal Island has established a risk assessment methodology to identify and control the security of business information meeting legal, regulatory and contractual requirements.
Demonstration of successful implementation of this management system will assure all interested parties to the business that an appropriate and effective information security management system is in place.
These specific requirements for setting up and managing an effective information security management system emphasise Legal Island’s commitment to:
- understanding information security needs and the necessity of establishing policy and objectives for information security;
- implementing and operating controls and measures for managing the organisation’s overall information security risk;
- monitoring and reviewing the performance and effectiveness of the ISMS; and
- continual improvement based on objective measurement.
It is the policy of Legal Island to conduct a management review of the ISMS annually, or when significant changes take place, to ensure the system meets the requirements of all stakeholders and complies with the ISO 27001 standard.
Jayne Gallagher, Managing Director, has overall responsibility for maintaining this policy and providing guidance on its implementation. It is the responsibility of each employee to adhere to the business ISMS policies and procedures.